CVE-2025-68197
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() With older FW, we may get the ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER for FW trace data type that has not been initialized. This will result in a crash in bnxt_bs_trace_type_wrap(). Add a guard to check for a valid magic_byte pointer before proceeding.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-18
Generated
2026-05-07
AI Q&A
2025-12-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-68197
EUVD
EUVD-2025-203699
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a null pointer dereference in the Linux kernel's bnxt_en driver, specifically in the function bnxt_bs_trace_check_wrap(). It occurs when older firmware sends an uninitialized FW trace data type (ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER), causing a crash in bnxt_bs_trace_type_wrap(). The fix adds a guard to check for a valid magic_byte pointer before proceeding to prevent the crash.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash due to a null pointer dereference when processing certain firmware trace data. This may lead to system instability or denial of service on affected systems using the bnxt_en driver with older firmware.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart